[Free] 2019(Nov) EnsurePass Palo Alto Networks PCNSE Dumps with VCE and PDF 101-110

Get Full Version of the Exam

Question No.101

An administrator sees several inbound sessions identified as unknown-tcp in theTraffic logs. The administrator determines that these sessions are form external users accessing the company#39;s proprietary accounting application. The administrator wants to reliably identify this traffic as their accounting application and to scan this traffic for threats. Which option would achieve this result?

  1. Create a custom App-ID and enable scanning on the advanced tab.

  2. Create an Application Override policy.

  3. Create a custom App-ID and use the quot;ordered conditionsquot; check box.

  4. Create anApplication Override policy and custom threat signature for the application.

Correct Answer: A

Question No.102

An administrator creates a custom application containing Layer 7 signatures. The latest application and threat dynamic update is downloaded to the same NGFW. The update contains an application that matches the same traffic signatures as the custom application. Which application should be used to identify traffic traversing the NGFW?

  1. Custom application

  2. System logs show an application error and neither signature is used.

  3. Downloaded application

  4. Custom and downloaded application signature files are merged and both are used

Correct Answer: A

Question No.103

An administrator has a requirement to export decrypted traffic from the Palo Alto Networks NGFW to a third-party, deep-level packet inspection appliance. Which interface type and license feature are necessary to meet the requirement?

  1. Decryption Mirror interface with the Threat Analysis license

  2. Virtual Wire interface with the Decryption Port Export license

  3. Tap interface with the Decryption Port Mirror license

  4. Decryption Mirror interface with the associated Decryption Port Mirror license

Correct Answer: D


https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/decryption/decryption- mirroring

Question No.104

In which two types of deployment is active/active HA configuration supported? (Choose two.)

  1. TAP mode

  2. Layer 2 mode

  3. Virtual Wire mode

  4. Layer 3 mode

Correct Answer: CD

Question No.105

Which feature can be configured onVM-Series firewalls?

  1. aggregate interfaces

  2. machine learning

  3. multiple virtual systems

  4. GlobalProtect

Correct Answer: D

Question No.106

Which method will dynamically register tags on the Palo Alto Networks NGFW?

  1. Restful API or the VMWare API on the firewall or on the User-ID agent or the read-only domain controller (RODC)

  2. Restful API or the VMware API on the firewall or on the User-ID agent

  3. XML-API or the VMware API on the firewall or on the User-ID agent orthe CLI

  4. XML API or the VM Monitoring agent on the NGFW or on the User-ID agent

Correct Answer: D


https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/policy/register-ip-addresses- and-tags-dynamically

Question No.107

Which Palo Alto Networks VM-Series firewall is valid?

  1. VM-25

  2. VM-800

  3. VM-50

  4. VM-400

Correct Answer: C


https://www.paloaltonetworks.com/products/secure-the-network/virtualized-next-generation- firewall/vm-series

Question No.108

Which option is part of thecontent inspection process?

  1. Packet forwarding process

  2. SSL Proxy re-encrypt

  3. IPsec tunnel encryption

  4. Packet egress process

Correct Answer: A

Question No.109

How can a candidate or running configuration becopied to a host external from Panorama?

  1. Commit a running configuration.

  2. Save a configuration snapshot.

  3. Save a candidate configuration.

  4. Export a named configuration snapshot.

Correct Answer: D

Explanation: https://www.paloaltonetworks.com/documentation/71/panorama/panorama_adminguide/administe r-panorama/back-up-panorama-and-firewall-configurations

Question No.110

An administrator logs in to the Palo Alto Networks NGFW and reports that the WebUI is missing the Policies tab. Which profile is the causeof the missing Policies tab?

  1. Admin Role

  2. WebUI

  3. Authentication

  4. Authorization

Correct Answer: A

Get Full Version of the Exam